In the Registration Code field, enter the Registration Code displayed when you added the identity router in the Cloud Administration Console.
In the Authentication Service Domain field, enter the Authentication Service Domain displayed when you added the identity router in the Cloud Administration Console.
(Optional) If you want to configure a proxy server to handle traffic between the identity router and the Cloud Authentication Service, enter the proxy server details.
The proxy server can be unauthenticated, transparent, or authenticated. If you specify an authenticated proxy, it must be configured for only basic authentication.
In RADIUS and relying party deployments, the proxy server handles traffic for authentication and product maintenance (such as cluster updates). In an SSO Agent deployment, the proxy server handles traffic for product maintenance.
Enter the Proxy Host, formatted as an IP address or hostname.
Enter the Proxy Port number for the proxy.
If the proxy requires authentication, enter the Proxy Username.
If the proxy requires authentication, enter the Proxy Password.
Follow the instructions presented. If an error occurs that you are unable to resolve, contact Customer Support. A confirmation message appears when the identity router is connected to the Cloud Administration Console.
If an SSL proxy is in the network path between the identity router and the Cloud Authentication Service and the identity router does not recognize the SSL proxy certificate, you are prompted to accept or reject the certificate. Rejection causes the connection to fail. If failure occurs, you might have to remove or update the SSL proxy that is presenting the untrusted certificate. If the certificate has expired, the connection fails and a message indicates the certificate is invalid.
The message "Certificate trust overrides are configured for this identity router" indicates that a non-RSA (SSL proxy) certificate is configured for the identity router. Be aware that the owner of the configured certificate can read the encrypted traffic between the identity router and the Cloud Authentication Service.
Sign into the Cloud Administration Console to check the status of the identity router (Platform > Identity Routers).
When the identity router is connected to the Cloud Administration Console, the status reads Active.
In the Cloud Administration Console, click Publish Changes to apply the configuration settings for the new identity router. After the publish operation has completed, the identity router is fully deployed.
If you accepted an SSL proxy for the identity router in Step 7, make sure you inform your IT department so they can add the Cloud Authentication Service to their whitelist. After IT informs you that step is completed, RSA recommends that you remove the SSL proxy certificates from your deployment. Do the following:
Return to the Cloud Connection Trust field in the Identity Router Setup Console.
Confirm whether the identity router and Cloud Authentication Service will remain connected after you remove the certificates. Click Test Without Override Certificates. A message indicates if the connection is successful.
If the tests pass, click Remove Certificates to remove the certificates from your deployment. If any tests fail, see your IT department and confirm that the necessary URLs are whitelisted.